LiveUser

PEAR::LiveUser authentication and permission framework

[ AdvancedSearch | AreaMap ]

Here we'll try to put together few sections to answer most of the common questions we get on irc/Mailinglists/etc.

Wiki Questions

• Q: What do I have to do to get the examples working ?
  • A: Read the README which is located in example folder, then to get more info how to setup each individual example open the index.html and keep on going from there (example 1 and 2 don't need databases since they are examples for the XML container)

Conceptual Questions

• Q: How is LiveUser different from PEAR::Auth?
  • A: PEAR::Auth natively supports many authentication sources. However, there is a LiveUser container that wraps around PEAR::Auth. Auth does not provide a way to integrate multiple authentication sources. Furthermore, Auth does not have a similar sophisticated administration API and does not support permission management at all.
• Q: How do the right levels work?
  • A:
    • If a user has a right at level 3
      • That means he is not restricted by ownership
    • If he has the right at level 2
      • Then it means either the group owner or the user owner needs to match the given user
    • If he has the right at level 1
      • Then it means the user owner needs to match the given user
    • LiveUser will always return the highest level a user gets to a given right either from (sub)group membership or by getting it directly assigned. The only exception is if a user has a negativ level in which case the user level is added to the highest group level. This way one can prevent someone who would otherwise get a given right through a group membership to get the right.
• Q: Are handles (usernames) case sensitive?
  • A: They are case sensitive in the XML container. For the database container they are usually not case sensitive, but it depends on the collation and database used.

Installation

• Q: What is the simplest way to create all the DB tables?
  • A: See this page for a mySQL structure dump. However this is a static file that will not automatically adapt to configuration settings. The "proper" way is to use the install.php found in the data directory of your PHP install. For example "/pear/data/LiveUser/misc/schema/install.php". Or adapt PEAR/docs/LiveUser/docs/examples/example5/demodata.xml and use PEAR/docs/LiveUser/docs/examples/demodata.php
• Q: Ok, i am using xml for mdb2 to get the tables in my database and inserting some user, rights, groups to start with, how to fix the sequences?
  • A: See http://cvs.php.net/viewcvs.cgi/pear/MDB2_Schema/docs/xml_schema_documentation.html?view=co#238.3.8,

<sequence>
<comments>if you used insert to put some users in lu_users table edit start or:</comments>
<comments> If the sequence on is specified, the database manager class will override 
the sequence start value with a value that is higher than the highest value
 in the specified field table. Therefore, the specified field table type 
must be integer.</comments>
<name>lu_users_sequence</name>
<start>your_default_start_value</start>
<on>

<field>auth_user_id</field>
<table>lu_users</table>

</on>

</sequence>

Configuration Questions

• Q: What do all the config options do?
  • A: The options are documented fairly well inside the LiveUser::factory() method: http://pear.php.net/package/LiveUser/docs/latest/LiveUser/LiveUser.html#methodfactory
• Q: What do the cookie options do? Why does the remember me feature need a writable directory? What is stored in the cookie? The md5 encrypted password?
  • A: The cookie options define the configuration for the remember me feature which provides a way to store a token inside a users browser to automatically log in whenever a visit the given site. In order to prevent storing a clear text password inside the cookie, the cookie actually contains an md5 hash that is produced from the handle and password along with the clear text handle. The actual password is stored on the server in the configured directory encrypted using the RC4 algorithm.
• Q: The remember me cookie isn't working. Do you have some sort of checklist so I can figure out what I did wrong?
  • A:
    1. Specify an empty writable directory in $conf array
    2. Make sure the directory is chmod 777 and owned by the user PHP/Apache runs as
    3. On login form submital, make sure you pass true to LU->login() as the third paramater.
    4. Ensure you have the mcrypt module installed, or install PEAR::Crypt_RC4
    5. After you create your LU object, you need to tell it to look at the cookie by $LU->login("", "", true);
• Q: I don't understand how to add additional data about users, such as email. Can you explain it, step by step?
  • A: The process is demonstrated in the documentation. You need to add the fields to the configuration of the relevant container. For MDB2:

<?php
                 'fields' => array(
                     // These values are filled with MDB2 result types: boolean, text, email, etc
                     // each key is required if and only if it is specified down in the 'tables' area
                     'lastlogin' => 'timestamp',
                     'is_active' => 'boolean',
                     'name' => 'text',
                     'email' => 'text',
                 ), 
                 'alias' => array(
                     //each key is required if and only if it is specified down in the 'tables' area
                     'lastlogin' => 'lastlogin',
                     'is_active' => 'is_active',
                     'name' => 'name',
                     'email' => 'email',
                 ),
                 'prefix'    => 'lu__', //table prefix
                 'tables' => array(
                     'users' => array(
                         'fields' => array(
                             'lastlogin' => false,
                             'is_active' => false,
                             'name' => false,
                             'email' => false,
                         ),
                     ),
                 ), 
?>

Code / Usage Questions

• Q: How do you get all users that have a specific right?
  • A: see http://www.gvngroup.be/doc/LiveUser_Admin/admin_user.php#getusers

<?php
require_once 'LiveUser/Admin.php';
$LUadmin =& LiveUser_Admin::factory($config);
$LUadmin->init();
$LUadmin->getUsers('perm', array('filters' => array('right_id' => $right_id)));
?>

• Q: How do you get all users which handles etc. match certain string
  • A: for users with certain handle or alike you can use operator

<?php
    array('filters' => array( 'handle' => array('value' => 'adm%', 'op' => ' like ')))
?>

• Q: Get all Groups for a user?
  • A:

<?php
$params = array( 'filters' => array(
                 'perm_user_id' => 'some_id'
                ) );
$groups = Admin::$luadmin->perm->getGroups($params);
?>

Misc Questions

• Q: Does LiveUser manage is_active and lastlogin fields by itself?
  • A: The "is_active" and "lastlogin" have special meaning. "is_active" is checked on every login attempt and the login fails if "is_active" is configured and the value for the user does not evaluate to true. "lastlogin" is updated on every login. Note that this self-management requires these fields be defined as above, as they are 'non-default' fields.
• Q: What will happen if there is an error in LiveUser or LiveUser_Admin. For example in LiveUser_Admin, what will result if you try to ->addUser() a user with an existing handle? Will it return an error, or just fail?
  • A: LiveUser and LiveUser_Admin use PEAR_ErrorStack. This means on case of errors false is returned an an error is placed on the stack. These can be retrieved using the getErrors() method in the LiveUser and LiveUser_Admin class.

This site powered by YaWiki 0.22 beta.